antoine wrote:
Hello ,
Consider that i have an html , javascript , php site.
My goal is to somehow modify the html , javascript code before php
module does its stuff.
It is part of a javascript injection defense system. So i want to mark
benign javascript before
php module adds bad javascript code.
I first thought that an output filter is the solution but i suppose that
in the phase of the output filter
the chunks of data will be already produced after php code generation (
is that right ) ??
Yes
So the attack
is done and i will mark as benign that bad javascript injection code.
Is there a way to cope with this by adding a module-filter to apache and
not modify php module code ??
Apart from the yes above, I cannot add much, because it is not very
clear to me what you are trying to achieve, or what you are trying to
protect against. You seem to say that it is the php which inserts the
"bad" javascript code. But the php runs on your server, so that seems
to be the right point to protect, and not later try to undo what it
might have done. Or do you let any user load its own php stuff onto
your server, and then just run it ?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org